[417469] [Security] Provide console command to change user passwords

https://bugs.eclipse.org/bugs/show_bug.cgi?id=417469

5 files changed, 146 insertions, 88 deletions

diff --git a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
index 56e0dd3b62..a7e521255c 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
+++ b/plugins/org.eclipse.emf.cdo.server.security/.settings/.api_filters
@@ -1,5 +1,14 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <component id="org.eclipse.emf.cdo.server.security" version="2">
+    <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager">
+        <filter id="574668824">
+            <message_arguments>
+                <message_argument value="InternalSecurityManager"/>
+                <message_argument value="SecurityManager"/>
+                <message_argument value="SecurityItemContainer"/>
+            </message_arguments>
+        </filter>
+    </resource>
     <resource path="src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java" type="org.eclipse.emf.cdo.server.internal.security.SecurityManager$PermissionManager">
         <filter id="574619656">
             <message_arguments>
@@ -8,4 +17,12 @@
             </message_arguments>
         </filter>
     </resource>
+    <resource path="src/org/eclipse/emf/cdo/server/security/ISecurityManager.java" type="org.eclipse.emf.cdo.server.security.ISecurityManager">
+        <filter id="571473929">
+            <message_arguments>
+                <message_argument value="SecurityItemContainer"/>
+                <message_argument value="ISecurityManager"/>
+            </message_arguments>
+        </filter>
+    </resource>
 </component>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
index 9e2912e0c1..d514df05bf 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
+++ b/plugins/org.eclipse.emf.cdo.server.security/plugin.xml
@@ -29,7 +29,11 @@
       <factory
             productGroup="org.eclipse.emf.cdo.server.commands"
             type="adduser"
-            class="org.eclipse.emf.cdo.server.internal.security.bundle.AddUserCommand$Factory"/>
+            class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$AddUser"/>
+      <factory
+            productGroup="org.eclipse.emf.cdo.server.commands"
+            type="setpassword"
+            class="org.eclipse.emf.cdo.server.internal.security.SecurityManagerCommand$SetPassword"/>
    </extension>
 
 </plugin>
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 6e924f5c5c..56a34600f3 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -12,7 +12,6 @@ package org.eclipse.emf.cdo.server.internal.security;
 
 import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
 import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
-import org.eclipse.emf.cdo.common.model.EMFUtil;
 import org.eclipse.emf.cdo.common.revision.CDORevision;
 import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
 import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -24,7 +23,6 @@ import org.eclipse.emf.cdo.net4j.CDONet4jSession;
 import org.eclipse.emf.cdo.net4j.CDONet4jSessionConfiguration;
 import org.eclipse.emf.cdo.net4j.CDONet4jUtil;
 import org.eclipse.emf.cdo.security.Access;
-import org.eclipse.emf.cdo.security.ClassPermission;
 import org.eclipse.emf.cdo.security.Directory;
 import org.eclipse.emf.cdo.security.Group;
 import org.eclipse.emf.cdo.security.Permission;
@@ -65,7 +63,6 @@ import org.eclipse.net4j.util.om.monitor.OMMonitor;
 import org.eclipse.net4j.util.security.IAuthenticator;
 
 import org.eclipse.emf.common.util.EList;
-import org.eclipse.emf.ecore.EClass;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -257,6 +254,20 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     return result[0];
   }
 
+  public User setPassword(final String id, final String password)
+  {
+    final User[] result = { null };
+    modify(new RealmOperation()
+    {
+      public void execute(Realm realm)
+      {
+        result[0] = realm.setPassword(id, password);
+      }
+    });
+
+    return result[0];
+  }
+
   public Role removeRole(final String id)
   {
     final Role[] result = { null };
@@ -471,7 +482,9 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
 
   protected Realm createRealm()
   {
-    Realm realm = SecurityFactory.eINSTANCE.createRealm("Security Realm");
+    final SecurityFactory factory = SecurityFactory.eINSTANCE;
+
+    Realm realm = factory.createRealm("Security Realm");
     realm.setDefaultRoleDirectory(addDirectory(realm, "Roles"));
     realm.setDefaultGroupDirectory(addDirectory(realm, "Groups"));
     realm.setDefaultUserDirectory(addDirectory(realm, "Users"));
@@ -479,28 +492,26 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     // Create roles
 
     Role allReaderRole = realm.addRole("All Objects Reader");
-    allReaderRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.READ));
+    allReaderRole.getPermissions().add(factory.createFilterPermission(Access.READ, factory.createResourceFilter(".*")));
 
     Role allWriterRole = realm.addRole("All Objects Writer");
-    allWriterRole.getPermissions().add(SecurityFactory.eINSTANCE.createResourcePermission(".*", Access.WRITE));
+    allWriterRole.getPermissions()
+        .add(factory.createFilterPermission(Access.WRITE, factory.createResourceFilter(".*")));
 
     Role treeReaderRole = realm.addRole("Resource Tree Reader");
     treeReaderRole.getPermissions().add(
-        SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.READ));
+        factory.createFilterPermission(Access.READ, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
 
     Role treeWriterRole = realm.addRole("Resource Tree Writer");
     treeWriterRole.getPermissions().add(
-        SecurityFactory.eINSTANCE.createPackagePermission(EresourcePackage.eINSTANCE, Access.WRITE));
+        factory.createFilterPermission(Access.WRITE, factory.createPackageFilter(EresourcePackage.eINSTANCE)));
 
     Role adminRole = realm.addRole("Administration");
-    for (EClass eClass : EMFUtil.getConcreteClasses(SecurityPackage.eINSTANCE))
-    {
-      if (eClass != SecurityPackage.Literals.USER_PASSWORD)
-      {
-        ClassPermission permission = SecurityFactory.eINSTANCE.createClassPermission(eClass, Access.WRITE);
-        adminRole.getPermissions().add(permission);
-      }
-    }
+    adminRole.getPermissions().add(
+        factory.createFilterPermission(
+            Access.WRITE,
+            factory.createAndFilter(factory.createResourceFilter(realmPath),
+                factory.createNotFilter(factory.createClassFilter(SecurityPackage.Literals.USER_PASSWORD)))));
 
     // Create groups
 
@@ -516,6 +527,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
     User adminUser = realm.addUser("Administrator", "0000");
     adminUser.getGroups().add(adminsGroup);
 
+    OM.LOG.info("Security realm " + realmPath + " created");
     return realm;
   }
 
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
new file mode 100644
index 0000000000..a76324acc9
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManagerCommand.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *    Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.internal.security;
+
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
+import org.eclipse.emf.cdo.spi.server.CDOCommand;
+import org.eclipse.emf.cdo.spi.server.InternalRepository;
+
+/**
+ * @author Eike Stepper
+ */
+public abstract class SecurityManagerCommand extends CDOCommand.WithRepository
+{
+  public SecurityManagerCommand(String name, String description, CommandParameter... parameters)
+  {
+    super(name, description, parameters);
+  }
+
+  public SecurityManagerCommand(String name, String description)
+  {
+    super(name, description);
+  }
+
+  @Override
+  public void execute(InternalRepository repository, String[] args) throws Exception
+  {
+    ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
+    if (securityManager == null)
+    {
+      throw new CommandException("Security manager not found for " + repository);
+    }
+
+    execute(securityManager, args);
+  }
+
+  protected abstract void execute(ISecurityManager securityManager, String[] args);
+
+  /**
+   * @author Eike Stepper
+   */
+  public static final class AddUser extends SecurityManagerCommand
+  {
+    public AddUser()
+    {
+      super("adduser", "adds a user to the security realm of a repository", parameter("username"), optional("password"));
+    }
+
+    @Override
+    protected void execute(ISecurityManager securityManager, String[] args)
+    {
+      String username = args[0];
+      String password = args[1];
+      if (password != null)
+      {
+        securityManager.addUser(username, password);
+      }
+      else
+      {
+        securityManager.addUser(username);
+      }
+
+      println("User " + username + " added");
+    }
+  }
+
+  /**
+   * @author Eike Stepper
+   */
+  public static final class SetPassword extends SecurityManagerCommand
+  {
+    public SetPassword()
+    {
+      super("setpassword", "sets or unsets the password of a repository user", parameter("username"),
+          optional("password"));
+    }
+
+    @Override
+    protected void execute(ISecurityManager securityManager, String[] args)
+    {
+      String username = args[0];
+      String password = args[1];
+      securityManager.setPassword(username, password);
+
+      println("Password of user " + username + (password != null ? " set" : " unset"));
+    }
+  }
+}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
deleted file mode 100644
index 902b635a35..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/AddUserCommand.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*
- * Copyright (c) 2004-2013 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- * 
- * Contributors:
- *    Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.internal.security.bundle;
-
-import org.eclipse.emf.cdo.server.security.ISecurityManager;
-import org.eclipse.emf.cdo.server.security.SecurityManagerUtil;
-import org.eclipse.emf.cdo.spi.server.CDOCommand;
-import org.eclipse.emf.cdo.spi.server.InternalRepository;
-
-import org.eclipse.net4j.util.factory.ProductCreationException;
-
-/**
- * @author Eike Stepper
- */
-public class AddUserCommand extends CDOCommand.WithRepository
-{
-  public static final String NAME = "adduser";
-
-  public AddUserCommand()
-  {
-    super(NAME, "adds a user to the security realm of a repository", parameter("username"), optional("password"));
-  }
-
-  @Override
-  public void execute(InternalRepository repository, String[] args) throws Exception
-  {
-    ISecurityManager securityManager = SecurityManagerUtil.getSecurityManager(repository);
-    if (securityManager == null)
-    {
-      throw new CommandException("Security manager not found for " + repository);
-    }
-
-    String username = args[0];
-    String password = args[1];
-    if (password != null)
-    {
-      securityManager.addUser(username, password);
-    }
-    else
-    {
-      securityManager.addUser(username);
-    }
-
-    println("User " + username + " added");
-  }
-
-  /**
-   * @author Eike Stepper
-   */
-  public static class Factory extends CDOCommand.Factory
-  {
-    public Factory()
-    {
-      super(NAME);
-    }
-
-    @Override
-    public CDOCommand create(String description) throws ProductCreationException
-    {
-      return new AddUserCommand();
-    }
-  }
-}